A newly discovered vulnerability in the ISO 15118 electric vehicle charging protocol has security researchers and EV manufacturers on high alert. Designated CVE-2025-12357, this critical weakness in the Signal Level Attenuation Characterization (SLAC) mechanism enables man-in-the-middle attacks that could disrupt charging sessions, manipulate billing data, or potentially compromise vehicle security systems.
Understanding the ISO 15118 Protocol
The ISO 15118 standard represents the backbone of modern electric vehicle charging infrastructure, enabling secure communication between EVs and charging stations. This international protocol governs the entire charging process, from authentication and payment to power management and safety controls. The standard's primary purpose is to ensure that EV charging remains secure, reliable, and interoperable across different manufacturers and charging networks.
ISO 15118 enables advanced features like Plug & Charge, which allows vehicles to automatically authenticate and authorize charging sessions without requiring additional user interaction. This convenience comes with significant security implications, as the protocol must protect against various attack vectors while maintaining a seamless user experience.
The SLAC Vulnerability Explained
At the heart of CVE-2025-12357 lies the Signal Level Attenuation Characterization (SLAC) process, which is responsible for pairing electric vehicles with charging stations. SLAC operates during the initial handshake between an EV and charger, using specific signal patterns to establish a secure communication channel and verify that the physical connection is legitimate.
The vulnerability allows attackers to manipulate the SLAC exchange by intercepting and modifying the communication between the vehicle and charging station. This manipulation can occur because the SLAC process lacks adequate validation mechanisms to detect when an unauthorized party is interfering with the pairing sequence.
Security researchers have demonstrated that an attacker with physical access to the charging cable or proximity to the charging session can inject malicious packets into the SLAC handshake. This interference can lead to several concerning scenarios, including session hijacking, denial of service attacks, or manipulation of charging parameters.
Technical Mechanism of the Attack
The attack exploits weaknesses in how SLAC messages are authenticated and validated during the pairing process. According to technical analysis, the vulnerability stems from insufficient cryptographic protection in certain phases of the SLAC exchange. Attackers can exploit timing windows and message replay opportunities to insert themselves into the communication channel.
During a typical attack scenario, the malicious actor positions themselves between the EV and charging station, either through physical cable manipulation or wireless interference. They then capture the initial SLAC messages and modify them to establish their own communication channel with either the vehicle or charger. This creates a man-in-the-middle position that allows the attacker to observe, modify, or block subsequent communications.
The attack doesn't require sophisticated equipment—researchers have demonstrated successful exploitation using commercially available hardware and open-source software tools. This accessibility raises concerns about the potential for widespread abuse if the vulnerability isn't promptly addressed.
Potential Impact on EV Owners and Infrastructure
The consequences of CVE-2025-12357 extend beyond simple charging disruption. Successful exploitation could lead to multiple serious outcomes:
Financial Impact: Attackers could manipulate billing information, causing incorrect charging costs or unauthorized payments. In worst-case scenarios, they might redirect payment authorization to malicious accounts.
Operational Disruption: Denial of service attacks could prevent vehicles from charging entirely, potentially stranding drivers who depend on public charging infrastructure. This could have safety implications for drivers in remote areas or during emergencies.
Data Privacy Concerns: The attack could expose sensitive vehicle data, including identification information, charging history, and user credentials. This information could be valuable for identity theft or corporate espionage.
Grid Security Implications: Widespread exploitation could potentially impact electrical grid stability if multiple charging sessions are simultaneously disrupted or manipulated.
Industry Response and Mitigation Efforts
The cybersecurity community and automotive industry have mobilized quickly in response to CVE-2025-12357. The vulnerability was responsibly disclosed through proper channels, allowing manufacturers and standards bodies to develop patches before widespread public awareness.
Manufacturer Actions: Major EV manufacturers have begun deploying software updates to address the vulnerability. These updates typically involve enhanced SLAC validation, improved cryptographic protections, and additional integrity checks during the pairing process.
Charging Station Providers: Charging infrastructure companies are updating their station firmware to include additional security measures. Some are implementing network-level protections and enhanced monitoring to detect potential attack attempts.
Standards Body Response: The ISO 15118 standards committee has initiated work on protocol revisions that will permanently address the underlying vulnerability. These changes will likely become part of future protocol versions and may be backported to current implementations where possible.
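The station-side monitoring mentioned above can be sketched as a check over SLAC pairing logs. This is an added example, not code from any vendor or from the standard: the log format, RunIDs, MAC addresses and the 10-second window are constructed assumptions, while the message names are the HomePlug Green PHY SLAC message types.

```python
from collections import defaultdict
# Messages the EV side sends during SLAC (HomePlug Green PHY names).
EV_MSGS = {"CM_SLAC_PARM.REQ", "CM_START_ATTEN_CHAR.IND",
           "CM_MNBC_SOUND.IND", "CM_ATTEN_CHAR.RSP", "CM_SLAC_MATCH.REQ"}
MAX_RUN_SECONDS = 10.0  # assumed alerting threshold, tune per site

# Constructed sample log: "<seconds> <run_id> <message> <source MAC>"
SAMPLE_LOG = """\
0.00 a1b2c3d4e5f60708 CM_SLAC_PARM.REQ 02:00:00:00:00:10
0.05 a1b2c3d4e5f60708 CM_SLAC_PARM.CNF 02:00:00:00:00:01
0.30 a1b2c3d4e5f60708 CM_MNBC_SOUND.IND 02:00:00:00:00:10
0.90 a1b2c3d4e5f60708 CM_ATTEN_CHAR.IND 02:00:00:00:00:01
0.95 a1b2c3d4e5f60708 CM_ATTEN_CHAR.RSP 02:00:00:00:00:66
1.10 a1b2c3d4e5f60708 CM_SLAC_MATCH.REQ 02:00:00:00:00:66
1.15 a1b2c3d4e5f60708 CM_SLAC_MATCH.CNF 02:00:00:00:00:01
40.0 a1b2c3d4e5f60708 CM_SLAC_MATCH.REQ 02:00:00:00:00:66
50.0 1122334455667788 CM_SLAC_PARM.REQ 02:00:00:00:00:20
50.1 1122334455667788 CM_SLAC_PARM.CNF 02:00:00:00:00:01
50.9 1122334455667788 CM_SLAC_MATCH.REQ 02:00:00:00:00:20
51.0 1122334455667788 CM_SLAC_MATCH.CNF 02:00:00:00:00:01
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, run_id, msg, src = line.split()
            yield float(ts), run_id, msg, src.lower()

def find_anomalies(log):
    """Return a sorted list of (run_id, reason) findings."""
    ev_sources = defaultdict(set)          # run_id -> EV-side source MACs seen
    started, matched, findings = {}, set(), set()
    for ts, run_id, msg, src in parse(log):
        started.setdefault(run_id, ts)
        if run_id in matched:              # pairing already finished for this RunID
            findings.add((run_id, "frame after match completed (possible replay)"))
        if msg in EV_MSGS:
            ev_sources[run_id].add(src)
            if len(ev_sources[run_id]) > 1:
                findings.add((run_id, "EV-side source MAC changed mid-run"))
        if ts - started[run_id] > MAX_RUN_SECONDS:
            findings.add((run_id, "run exceeded time window"))
        if msg == "CM_SLAC_MATCH.CNF":
            matched.add(run_id)
    return sorted(findings)

if __name__ == "__main__":
    for run_id, reason in find_anomalies(SAMPLE_LOG):
        print(run_id, reason)
```

On the constructed log, the first pairing run is flagged three times and the second run produces no findings.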
Immediate Protective Measures for EV Owners
While manufacturers work on permanent fixes, EV owners can take several steps to protect themselves:
- Update Vehicle Software: Ensure your EV's software is current by checking for available updates through your manufacturer's app or infotainment system.
- Use Trusted Charging Stations: Prefer charging stations from reputable providers and avoid unfamiliar or unsecured charging locations.
- Monitor Charging Sessions: Watch for unusual behavior during charging, such as unexpected disconnections or abnormal charging rates.
- Enable Security Features: Activate any additional security options provided by your vehicle manufacturer, such as charging session notifications or security alerts.
Long-term Security Implications
CVE-2025-12357 highlights broader security challenges facing the electric vehicle ecosystem. As EVs become more connected and dependent on digital infrastructure, they present increasingly attractive targets for cyber attackers. This vulnerability underscores the need for:
Robust Security Standards: The incident demonstrates that even internationally recognized standards can contain critical vulnerabilities. Future standards must incorporate more rigorous security testing and threat modeling.
Continuous Security Monitoring: The EV industry needs established mechanisms for ongoing vulnerability assessment and rapid response to newly discovered threats.
Collaborative Security Research: Increased cooperation between automotive manufacturers, security researchers, and government agencies will be essential for identifying and addressing future vulnerabilities.
Regulatory and Certification Considerations
The discovery of CVE-2025-12357 has prompted discussions about regulatory frameworks for EV cybersecurity. Several developments are likely:
Enhanced Certification Requirements: Future EV models may face stricter cybersecurity certification requirements before market approval.
Mandatory Vulnerability Disclosure: Regulations may require manufacturers to establish clear channels for security researchers to report vulnerabilities.
Incident Response Protocols: Standardized procedures for responding to cybersecurity incidents in charging infrastructure may become mandatory.
The Future of EV Charging Security
Looking ahead, the industry is likely to adopt several security enhancements:
Blockchain Integration: Some researchers propose using blockchain technology for secure charging transaction recording and verification.
AI-Powered Anomaly Detection: Machine learning systems could monitor charging sessions for suspicious patterns and automatically trigger protective measures.
Hardware Security Modules: Enhanced hardware-based security in both vehicles and charging stations could provide stronger protection against physical attacks.
Zero-Trust Architectures: Implementing zero-trust principles in charging infrastructure could limit the damage from successful attacks.
Conclusion: A Wake-up Call for EV Security
CVE-2025-12357 serves as a critical reminder that as transportation becomes increasingly electrified and connected, cybersecurity must remain a top priority. The vulnerability in the ISO 15118 SLAC process represents not just a technical issue but a systemic challenge that requires coordinated effort across the entire EV ecosystem.
While the immediate risk is being addressed through patches and updates, the broader lesson is clear: security cannot be an afterthought in the development of critical infrastructure. As electric vehicles continue their rapid adoption, maintaining consumer trust through robust security measures will be essential for the sustainable growth of clean transportation.
The response to CVE-2025-12357 demonstrates that the industry is capable of mobilizing quickly to address security threats. However, proactive security design, continuous monitoring, and collaborative vulnerability management will be necessary to stay ahead of increasingly sophisticated attackers targeting our transportation future.